Related papers: Adversarial Attack Framework on Graph Embedding Models with Limited Knowledge

Adversarial Attack Framework on Graph Embedding Models with Limited Knowledge

URL: http://arxiv.org/abs/2105.12419v1
Date: Wed, 26 May 2021 09:18:58 GMT
Title: Adversarial Attack Framework on Graph Embedding Models with Limited Knowledge
Authors: Heng Chang, Yu Rong, Tingyang Xu, Wenbing Huang, Honglei Zhang, Peng Cui, Xin Wang, Wenwu Zhu, Junzhou Huang
Abstract summary: Existing works usually perform the attack in a white-box fashion. We demand to attack various kinds of graph embedding models with black-box driven. We prove that GF-Attack can perform an effective attack without knowing the number of layers of graph embedding models.
Score: 126.32842151537217
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: With the success of the graph embedding model in both academic and industry areas, the robustness of graph embedding against adversarial attack inevitably becomes a crucial problem in graph learning. Existing works usually perform the attack in a white-box fashion: they need to access the predictions/labels to construct their adversarial loss. However, the inaccessibility of predictions/labels makes the white-box attack impractical to a real graph learning system. This paper promotes current frameworks in a more general and flexible sense -- we demand to attack various kinds of graph embedding models with black-box driven. We investigate the theoretical connections between graph signal processing and graph embedding models and formulate the graph embedding model as a general graph signal process with a corresponding graph filter. Therefore, we design a generalized adversarial attacker: GF-Attack. Without accessing any labels and model predictions, GF-Attack can perform the attack directly on the graph filter in a black-box fashion. We further prove that GF-Attack can perform an effective attack without knowing the number of layers of graph embedding models. To validate the generalization of GF-Attack, we construct the attacker on four popular graph embedding models. Extensive experiments validate the effectiveness of GF-Attack on several benchmark datasets.